The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 07 July 2000. 
2a)\3 This action is FINAL. 2b)[3 This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 7-45 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 7-45 is/are rejected. 

Claim(s) is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [X] The specification is objected to by the Examiner. 

10) [X] The drawing(s) filed on 07 July 2000 is/are: a) [ ] accepted or b) [X] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

11) [ ] The proposed drawing correction filed on is: a) [ ] approved b) [ ] disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) [ ] The oath or declaration is objected to by the Examiner. 

Priority under 35 U.S.C. §§119 and 120 

13) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) [ ] All b) [ ] Some* c) [ ] None of: 

1. [ ] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. . 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application). 

a) [ ] The translation of the foreign language provisional application has been received. 

15) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 

Attachment(s) 

1) [X] Notice of References Cited (PTO-892) 
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948) 
3) [X] Information Disclosure Statement(s) (PTO-1449) Paper No(s) 2. 
4) [ ] Interview Summary (PTO-413) Paper No(s). 
5) [ ] Notice of Informal Patent Application (PTO-152) 
6) [ ] Other: 

DETAILED ACTION 

1. Pursuant to USC 131, claims 1-45 are presented for examination. 

Specification 

2. The disclosure is objected to because of the following informalities: on page 3, line 30, 
"also" should be replaced with --allows--. On page 6, line 15, "To" should be replaced with 
--The--. On page 7, line 26, the second "if" should be replaced with --it--. Appropriate correction 
is required. 

Applicant's cooperation is requested in correcting any errors of which applicant may 
become aware in the application. 

2.1 The abstract of the disclosure is objected to because it is too lengthy. Correction is 
required. See MPEP § 608.01(b). 

Applicant is reminded of the proper language and format for an abstract of the disclosure. 

The abstract should be in narrative form and generally limited to a single paragraph on a 
separate sheet within the range of 50 to 150 words. It is important that the abstract not exceed 
150 words in length since the space provided for the abstract on the computer tape used by the 
printer is limited. The form and legal phraseology often used in patent claims, such as "means" 
and "said," should be avoided. The abstract should describe the disclosure sufficiently to assist 
readers in deciding whether there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information given in the 
title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," 
"The disclosure defined by this invention," "The disclosure describes," etc. 

2.2 The use of the trademark "SYMETRIX" on page 19, lines 26-27 and page 31, line 4, 
"ORACLE" on page 32, line 15 has been noted in this application. It should be capitalized 
wherever it appears and be accompanied by the generic terminology. 

Although the use of trademarks is permissible in patent applications, the proprietary 
nature of the marks should be respected and every effort made to prevent their use in any 
manner, which might adversely affect their validity as trademarks. 

Drawings 

3. Figure 7 is objected to as failing to comply with 37 CFR 1.84(p)(5) because it includes 
the reference number "424" not mentioned in the description. 

In figure 6, step 403 there is a typo error in the word "applicable". Appropriate 
correction is required. 

A proposed drawing correction, corrected drawings, or amendment to the specification to 
add the reference sign(s) in the description, are required in reply to the Office action to avoid 
abandonment of the application. The objection to the drawings will not be held in abeyance. 

Claim Objections 

4. Claim 22 and the intervening claims are objected to because of the following: "the 
computer system of claim 18". Appropriate correction is required to avoid rendering the claims 
indefinite. 

4.1 Claim 37 is objected to because of the following informalities: line 28, the phrase "is 
allowed access the resource" is missing the word "to" after "access". 

Claim 43 is objected to because of the following informalities: the end of line 14, "of::" 
has an extra colon. 



Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
international application by another who has fulfilled the requirements of paragraphs (1), 
(2), and (4) of section 371(c) of this title before the invention thereof by the applicant for 
patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

5.1 Claims 1-45 are rejected under 35 U.S.C. 102(e) as being anticipated by US Patent 
6,236,996 to Bapat et al. 

5.2 As per claims 1, 19, and 38, Bapat et al. discloses a method and a system (see figure 3) 
that meets the recitation of the system of claim 19 comprising input/output interface, processor, 
memory system encoding with authorization program, authorization database, and 
interconnection mechanism coupling the above list, for providing access control in a computing 
system environment, the method comprising the steps of receiving an access request (see column 
11, lines 59); selecting, based on the access request, a selected set of rules containing at least one 
rule from at least one master set of rules (see column 11, lines 59-65 and column 13, lines 15- 
57); and performing at least one rule operation in the at least one rule in the selected set of rules 
to produce an access control decision until at least one of: i) a rule operation including a 
disregard instruction is performed to limit performance of rule operations in the selected set of 
rules; and ii) all rule operations in the selected set of rules that are applicable to the access 
control decision are performed. (See column 11, lines 59-65 and column 13, lines 15-57). 

As per claims 2 and 20, Bapat et al. discloses the limitation of wherein the step of 
performing includes the step of producing an access control decision indicating whether to allow 
access, on behalf of a requestor submitting the access request, to an resource in the computing 
system environment (see column 11, lines 59-65 and column 13, lines 15-57). 

As per claims 3 and 21, Bapat et al. discloses the limitation of wherein the step of 
selecting includes the steps of determining an identity of the resource in the computing system 
environment to which access is requested in the access request; and applying at least one filter 
operation, using the identity of the resource, for rules in the at least one master set of rules to 
produce the selected set of rules for use in determining the access control decision to the resource 
(see column 14, lines 10-42). 

As per claims 4 and 22, Bapat et al. discloses the limitation of further including the step 
of determining a role identity of a requestor submitting the access request (see column 15, lines 
23-28 and column 16, lines 55-58); and wherein the step of applying applies the at least one filter 
operation, using the role identity of the requestor submitting the access request in combination 
with the identity of the resource, for rules in the at least one master set of rules to produce the 
selected set of rules for use in determining the access control decision to the resource (see 
column 14, line 53 through column 15, line 10; see also column 16, line 55 through column 17, 
line 41). 

As per claims 5, 23, and 40, Bapat et al. discloses the limitation of wherein at least one 
rule in the selected set of rules contains a rule operation including an unconditional disregard 
instruction (see column 11, lines 11-23); and wherein the step of performing includes the steps of 
performing less than all rule operations defined within the at least one rule in the selected set of 
rules by sequentially performing rule operations in each rule in the selected set of rules until the 
unconditional disregard instruction is performed thereby terminating the performance of any 
remaining rule operations in the selected set of rules (see column 15, lines 28-34 and column 11, 
lines 11-23). (See also column 27, lines 50 et seq.). 

Application/Control Number: 09/611,913 
Art Unit: 2136 

As per claims 6 and 24, Bapat et al. discloses the limitation of wherein the selected set 
of rules is arranged hierarchically such that rules containing rule operations that are more 
specific are performed before rule operations that are more general (see column 15, lines 28-34 
and column 11, lines 11-23). 

As per claims 7, 10, 25, 28, and 41, Bapat et al. discloses the limitation of wherein at 
least one rule in the selected set of rules contains a rule operation including a disregard 
instruction including disregard criteria; and wherein the step of performing limits performance of 
rule operations in the selected set of rules by performing the disregard instruction containing 
disregard criteria such that at least one rule operation in any remaining rule operations in the 
selected set of rules is disregarded from further performance (see column 26, line 51 through 
column 27, line 28). (See also column 27, lines 50 et seq.). 

As per claims 8, 11, 26, and 29, Bapat et al. discloses the limitation of wherein the step 
of performing includes the steps of evaluating the disregard criteria against any remaining 
unperformed rule operations in the selected set of rules; and marking any remaining unperformed 
rule operations in the selected set of rules that match the disregard criteria to be disregarded from 
further rule processing (see column 26, line 51 through column 27, line 28). 

As per claims 9, 27, and 39, Bapat et al. discloses the limitation of wherein the step of 
selecting includes the steps of determining an identity of a resource in the computing system 
environment to which access is requested in the access request (see column 26, lines 30-40); and 
applying at least one filter operation, using the identity of the resource, for rules in the at least 
one master set of rules to produce the selected set of rules for use in determining the access 
control decision to the resource (see column 26, line 51 through column 27, line 28); and 
wherein the method further includes the step of determining a role identity of a requestor 
submitting the access request (see column 26, lines 30-40); and wherein the step of performing 
sequentially processes each rule operation in the selected set of rules using the role identity of the 
requestor submitting the access request in combination with the identity of the resource to 
determine if the requestor using the role identity can access the resource (see also column 27, 
lines 50 et seq.). 

As per claims 12 and 30, Bapat et al. discloses the limitation of wherein the selected set 
of rules is arranged hierarchically such that rules containing rule operations that are more 
specific are performed before rules containing rule operations that are more general such that 
placement of the disregard instruction in one of the at least one rules in the selected set of rules 
causes the step of performing to control an amount of access control provided to the requestor 
that submitted the access request for access to the resource (see column 15, lines 28-34 and 
column 11, lines 11-23; see also column 27, lines 50 et seq.). 

As per claims 13 and 31, Bapat et al. discloses the limitation of wherein the disregard 
instruction is a conditional instruction that has a condition that must be met before the disregard 
instruction is performed (see column 27, lines 50 et seq.). 

As per claims 14 and 32, Bapat et al. discloses the limitation of wherein at least one 
rule in the selected set of rules contains a relation that defines a condition based on a group 
definition; and wherein at least one of the steps of selecting and performing includes the step of 
performing the relation to determine if at least one of a requestor, an access, and a resource 
specified in the access request satisfy the condition based on the group definition (see column 26, 
lines 30-67). 

As per claims 15, 33, and 43, Bapat et al. discloses method for determining an 
authorization state of an access control system in a computing system environment, the method 
comprising the steps of receiving an access request (see column 27, lines 45-49); determining at 
least one of i) an identity of the resource in the computing system environment to which the 
access request is directed (see column 26, lines 30-40); and ii) a role identity of a requestor 
submitting the access request; and applying at least one filter operation, based on at least one of 
the identity of the resource and the role identity of a requestor, to an at least one master set of 
rules to produce a list of rules to which the at least one filter operation matches in order to 
provide an indication of the authorization state of an access control system in a computing 
system environment as related to at least one of the identity of the resource and the role identity 
of a requestor (see column 26, lines 30-40 and column 27, lines 50 et seq.). 

As per claims 16 and 34, Bapat et al. discloses the limitation of wherein the step of 
applying at least one filter operation applies a filter operation to determine what rules in the at 
least one master set of rules affect access to what resource in the computing system environment 
(see column 26, line 51 through column 27, line 28 and column 27, lines 50 et seq.). 

As per claims 17, 35, and 42, Bapat et al. discloses the limitation of wherein the step of 
applying at least one filter operation applies a filter operation to determine what rules in the at 
least one master set of rules affect what at least one requestor can do to at least one resource in 
the computing system environment (see column 26, line 51 through column 27, line 28 and 
column 27, lines 50 et seq.). 

As per claims 18 and 36, Bapat et al. discloses the limitation of wherein the step of 
applying at least one filter operation applies a filter operation to determine access control 
operations that a requestor can do to at least one resource in the computing system environment 
(see column 26, line 51 through column 27, line 28 and column 27, lines 50 et seq.). 

As per claims 37 and 44, Bapat et al. discloses method providing access control to an 
resource in a computing system environment, the method comprising the steps of receiving an 
access request from a requestor requesting access to a resource in the computing system 
environment and determining a role identity associated with the requestor requesting access to 
the resource (see column 26, lines 30-40); and processing the access request in relation to a rule 
set based on an identity of the resource in the computing system environment to which the 
requestor requested access and based on the role identity associated with the requestor to 
determine if the requestor is allowed access the resource (see column 26, line 51 through column 
27, line 28 and column 27, lines 50 et seq.); and wherein the rule set includes a plurality of rules, 
each rule including a filter operation, and wherein the step of processing determines if a rule 
applies to the resource in the computing system environment to which the requestor requested 
access based on the filter operation (see column 26, line 51 through column 27, line 28 and 
column 27, lines 50 et seq.); and wherein at least one rule in the rule set includes a disregard 
instruction, and wherein if the step of processing determines, based on the filter operation that 
the rule including the disregard instruction applies to the resource in the computing system 
environment to which the requestor requested access, the step of processing processes the rule 
including the disregard instruction to limit performance of any remaining rule operations in the 
selected set of rules (see column 26, line 51 through column 27, line 28 and column 27, lines 50 
et seq.). 

As per claim 45, Bapat et al. discloses a method for controlling applicability of rule 
operations in a rule-based access control system, the method comprising the step of selecting at 
least one rule for performance to determine an access control decision; and performing a rule 
operation in the at least one rule, the rule operation including a disregard instruction that when 
performed, causes non-performance of at least one other rule operation in at least one rule that is 
selected for performance to determine the access control decision (see column 26, line 51 
through column 27, line 28 and column 27, lines 50 et seq.). 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure as the art discloses the use of filter to control access by users at clients in the network 
to information resources. 

US Patent: 6,408,336 Schneider et al. 

6.1 Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carl Colin whose telephone number is 703-305-0355. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 

Carl Colin 
Patent Examiner 
February 18, 2004 